diff --git a/api/cmd/portainer/main.go b/api/cmd/portainer/main.go
index f0a13ebdc..8a8d0e08f 100644
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -6,6 +6,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/jpillora/chisel/server"
+
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt"
 	"github.com/portainer/portainer/api/cli"
@@ -641,6 +643,12 @@ func main() {
 		go terminateIfNoAdminCreated(store.UserService)
 	}
 
+	chiselServer, err := chserver.NewServer(&chserver.Config{Reverse: true})
+	if err != nil {
+		log.Fatal(err)
+	}
+	chiselServer.Start("0.0.0.0", "9999")
+
 	var server portainer.Server = &http.Server{
 		Status:                 applicationStatus,
 		BindAddress:            *flags.Addr,
diff --git a/api/http/handler/endpointproxy/proxy_docker.go b/api/http/handler/endpointproxy/proxy_docker.go
index 7a0834c82..ae2a24b14 100644
--- a/api/http/handler/endpointproxy/proxy_docker.go
+++ b/api/http/handler/endpointproxy/proxy_docker.go
@@ -24,7 +24,7 @@ func (handler *Handler) proxyRequestsToDockerAPI(w http.ResponseWriter, r *http.
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find an endpoint with the specified identifier inside the database", err}
 	}
 
-	if endpoint.Status == portainer.EndpointStatusDown {
+	if endpoint.Type != 4 && endpoint.Status == portainer.EndpointStatusDown {
 		return &httperror.HandlerError{http.StatusServiceUnavailable, "Unable to query endpoint", errors.New("Endpoint is down")}
 	}
 
diff --git a/api/http/handler/endpoints/endpoint_create.go b/api/http/handler/endpoints/endpoint_create.go
index 34e06cca4..0610afa5f 100644
--- a/api/http/handler/endpoints/endpoint_create.go
+++ b/api/http/handler/endpoints/endpoint_create.go
@@ -1,6 +1,8 @@
 package endpoints
 
 import (
+	"encoding/base64"
+	"strings"
 	"log"
 	"net/http"
 	"runtime"
@@ -41,7 +43,7 @@ func (payload *endpointCreatePayload) Validate(r *http.Request) error {
 
 	endpointType, err := request.RetrieveNumericMultiPartFormValue(r, "EndpointType", false)
 	if err != nil || endpointType == 0 {
-		return portainer.Error("Invalid endpoint type value. Value must be one of: 1 (Docker environment), 2 (Agent environment) or 3 (Azure environment)")
+		return portainer.Error("Invalid endpoint type value. Value must be one of: 1 (Docker environment), 2 (Agent environment), 3 (Azure environment) or 4 (Agent IoT environment)")
 	}
 	payload.EndpointType = endpointType
 
@@ -149,6 +151,8 @@ func (handler *Handler) endpointCreate(w http.ResponseWriter, r *http.Request) *
 func (handler *Handler) createEndpoint(payload *endpointCreatePayload) (*portainer.Endpoint, *httperror.HandlerError) {
 	if portainer.EndpointType(payload.EndpointType) == portainer.AzureEnvironment {
 		return handler.createAzureEndpoint(payload)
+	} else if portainer.EndpointType(payload.EndpointType) == portainer.AgentIoTEnvironment {
+		return handler.createAgentIoTEndpoint(payload)
 	}
 
 	if payload.TLS {
@@ -195,6 +199,38 @@ func (handler *Handler) createAzureEndpoint(payload *endpointCreatePayload) (*po
 	return endpoint, nil
 }
 
+func (handler *Handler) createAgentIoTEndpoint(payload *endpointCreatePayload) (*portainer.Endpoint, *httperror.HandlerError) {
+	endpointType := portainer.AgentIoTEnvironment
+	endpointID := handler.EndpointService.GetNextIdentifier()
+
+	iotKey := base64.RawStdEncoding.EncodeToString([]byte(strings.TrimPrefix(payload.URL, "tcp://") + ":9999:7777:random_secret"))
+
+	endpoint := &portainer.Endpoint{
+		ID:      portainer.EndpointID(endpointID),
+		Name:    payload.Name,
+		URL:     "tcp://localhost:7777",
+		Type:    endpointType,
+		GroupID: portainer.EndpointGroupID(payload.GroupID),
+		TLSConfig: portainer.TLSConfiguration{
+			TLS:           false,
+		},
+		AuthorizedUsers: []portainer.UserID{},
+		AuthorizedTeams: []portainer.TeamID{},
+		Extensions:      []portainer.EndpointExtension{},
+		Tags:            payload.Tags,
+		Status:          portainer.EndpointStatusUp,
+		Snapshots:       []portainer.Snapshot{},
+		IoTKey:          iotKey,
+	}
+
+	err := handler.EndpointService.CreateEndpoint(endpoint)
+	if err != nil {
+		return nil, &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist endpoint inside the database", err}
+	}
+
+	return endpoint, nil
+}
+
 func (handler *Handler) createUnsecuredEndpoint(payload *endpointCreatePayload) (*portainer.Endpoint, *httperror.HandlerError) {
 	endpointType := portainer.DockerEnvironment
 
diff --git a/api/portainer.go b/api/portainer.go
index 0b2eff4f4..9ed73321e 100644
--- a/api/portainer.go
+++ b/api/portainer.go
@@ -242,6 +242,7 @@ type (
 		Tags             []string            `json:"Tags"`
 		Status           EndpointStatus      `json:"Status"`
 		Snapshots        []Snapshot          `json:"Snapshots"`
+		IoTKey           string              `json:"IoTKey"`
 
 		// Deprecated fields
 		// Deprecated in DBVersion == 4
@@ -893,6 +894,8 @@ const (
 	AgentOnDockerEnvironment
 	// AzureEnvironment represents an endpoint connected to an Azure environment
 	AzureEnvironment
+	// AgentIoTEnvironment represents an endpoint connected to an agent using a tunnel
+	AgentIoTEnvironment
 )
 
 const (
diff --git a/app/portainer/components/datatables/endpoints-datatable/endpointsDatatable.html b/app/portainer/components/datatables/endpoints-datatable/endpointsDatatable.html
index d83793598..a10d1d27a 100644
--- a/app/portainer/components/datatables/endpoints-datatable/endpointsDatatable.html
+++ b/app/portainer/components/datatables/endpoints-datatable/endpointsDatatable.html
@@ -74,7 +74,8 @@
                   {{ item.Type | endpointtypename }}
                 </span>
               </td>
-              <td>{{ item.URL | stripprotocol }}</td>
+              <td ng-if="item.Type !== 4">{{ item.URL | stripprotocol }}</td>
+              <td ng-if="item.Type === 4">Tunnel</td>
               <td>{{ item.GroupName }}</td>
               <td>
                 <a ui-sref="portainer.endpoints.endpoint.access({id: item.Id})" ng-if="$ctrl.accessManagement">
diff --git a/app/portainer/filters/filters.js b/app/portainer/filters/filters.js
index 83f2201ae..fdda78454 100644
--- a/app/portainer/filters/filters.js
+++ b/app/portainer/filters/filters.js
@@ -111,7 +111,7 @@ angular.module('portainer.app')
   return function (type) {
     if (type === 1) {
       return 'Docker';
-    } else if (type === 2) {
+    } else if (type === 2 || type === 4) {
       return 'Agent';
     } else if (type === 3) {
       return 'Azure ACI';
diff --git a/app/portainer/views/endpoints/create/createEndpointController.js b/app/portainer/views/endpoints/create/createEndpointController.js
index 2572b70e2..780610f85 100644
--- a/app/portainer/views/endpoints/create/createEndpointController.js
+++ b/app/portainer/views/endpoints/create/createEndpointController.js
@@ -56,6 +56,15 @@ function ($q, $scope, $state, $filter, clipboard, EndpointService, GroupService,
     addEndpoint(name, 2, URL, publicURL, groupId, tags, true, true, true, null, null, null);
   };
 
+  $scope.addAgentIoTEndpoint = function() {
+      var name = $scope.formValues.Name;
+      var groupId = $scope.formValues.GroupId;
+      var tags = $scope.formValues.Tags;
+      var URL = window.location.hostname;
+
+      addEndpoint(name, 4, URL, "", groupId, tags, false, false, false, null, null, null);
+  }
+
   $scope.addAzureEndpoint = function() {
     var name = $scope.formValues.Name;
     var applicationId = $scope.formValues.AzureApplicationId;
diff --git a/app/portainer/views/endpoints/create/createendpoint.html b/app/portainer/views/endpoints/create/createendpoint.html
index 3563a99b9..f39855c72 100644
--- a/app/portainer/views/endpoints/create/createendpoint.html
+++ b/app/portainer/views/endpoints/create/createendpoint.html
@@ -36,6 +36,16 @@
                   <p>Portainer agent</p>
                 </label>
               </div>
+              <div>
+                <input type="radio" id="agent_iot_endpoint" ng-model="state.EnvironmentType" value="agent_iot">
+                <label for="agent_iot_endpoint">
+                  <div class="boxselector_header">
+                    <i class="fa fa-bolt" aria-hidden="true" style="margin-right: 2px;"></i>
+                    Agent IoT
+                  </div>
+                  <p>Portainer agent IoT</p>
+                </label>
+              </div>
               <div>
                 <input type="radio" id="azure_endpoint" ng-model="state.EnvironmentType" value="azure">
                 <label for="azure_endpoint">
@@ -238,6 +248,10 @@
                 <span ng-hide="state.actionInProgress"><i class="fa fa-plus" aria-hidden="true"></i> Add endpoint</span>
                 <span ng-show="state.actionInProgress">Creating endpoint...</span>
               </button>
+              <button ng-if="state.EnvironmentType === 'agent_iot'" type="submit" class="btn btn-primary btn-sm" ng-disabled="state.actionInProgress || !endpointCreationForm.$valid" ng-click="addAgentIoTEndpoint()" button-spinner="state.actionInProgress">
+                <span ng-hide="state.actionInProgress"><i class="fa fa-plus" aria-hidden="true"></i> Add endpoint</span>
+                <span ng-show="state.actionInProgress">Creating endpoint...</span>
+              </button>
               <button ng-if="state.EnvironmentType === 'azure'" type="submit" class="btn btn-primary btn-sm" ng-disabled="state.actionInProgress || !endpointCreationForm.$valid" ng-click="addAzureEndpoint()" button-spinner="state.actionInProgress">
                 <span ng-hide="state.actionInProgress"><i class="fa fa-plus" aria-hidden="true"></i> Add endpoint</span>
                 <span ng-show="state.actionInProgress">Creating endpoint...</span>
diff --git a/app/portainer/views/endpoints/edit/endpoint.html b/app/portainer/views/endpoints/edit/endpoint.html
index 6a1349d35..81617d33b 100644
--- a/app/portainer/views/endpoints/edit/endpoint.html
+++ b/app/portainer/views/endpoints/edit/endpoint.html
@@ -5,6 +5,26 @@
   </rd-header-content>
 </rd-header>
 
+<div class="row">
+  <information-panel ng-if="endpoint.Type === 4" title-text="Deploy an agent">
+    <span class="small text-muted">
+      <p>
+        <i class="fa fa-info-circle blue-icon" aria-hidden="true" style="margin-right: 2px;"></i>
+        Deploy an agent on your remote Docker environment using the following command to enable this endpoint:
+      </p>
+     <div style="margin-top: 10px;">
+       <code>
+         docker run -d -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes -e TUNNELLING_MODE=1 -e AGENT_SECRET={{ endpoint.IoTKey }} portainer/pagent:intel
+       </code>
+       <span class="btn btn-primary btn-sm space-left" ng-click="copyAgentIoTCommand()"><i class="fa fa-copy space-right" aria-hidden="true"></i>Copy</span>
+       <span>
+         <i id="copyNotification" class="fa fa-check green-icon" aria-hidden="true" style="margin-left: 7px; display: none;"></i>
+       </span>
+     </div>
+    </span>
+  </information-panel>
+</div>
+
 <div class="row">
   <div class="col-lg-12 col-md-12 col-xs-12">
     <rd-widget>
@@ -22,7 +42,7 @@
           </div>
           <!-- !name-input -->
           <!-- endpoint-url-input -->
-          <div class="form-group">
+          <div class="form-group" ng-if="endpoint.Type !== 4">
             <label for="endpoint_url" class="col-sm-3 col-lg-2 control-label text-left">
               Endpoint URL
               <portainer-tooltip position="bottom" message="URL or IP address of a Docker host. The Docker API must be exposed over a TCP port. Please refer to the Docker documentation to configure it."></portainer-tooltip>
@@ -70,7 +90,7 @@
           </div>
           <!-- !tags -->
           <!-- endpoint-security -->
-          <div ng-if="endpointType === 'remote' && endpoint.Type !== 3">
+          <div ng-if="endpointType === 'remote' && endpoint.Type !== 3 && endpoint.Type !== 4">
             <div class="col-sm-12 form-section-title">
               Security
             </div>
diff --git a/app/portainer/views/endpoints/edit/endpointController.js b/app/portainer/views/endpoints/edit/endpointController.js
index 50c72fe9d..b4ae27d7f 100644
--- a/app/portainer/views/endpoints/edit/endpointController.js
+++ b/app/portainer/views/endpoints/edit/endpointController.js
@@ -1,8 +1,8 @@
 import { EndpointSecurityFormData } from '../../../components/endpointSecurity/porEndpointSecurityModel';
 
 angular.module('portainer.app')
-.controller('EndpointController', ['$q', '$scope', '$state', '$transition$', '$filter', 'EndpointService', 'GroupService', 'TagService', 'EndpointProvider', 'Notifications',
-function ($q, $scope, $state, $transition$, $filter, EndpointService, GroupService, TagService, EndpointProvider, Notifications) {
+.controller('EndpointController', ['$q', '$scope', '$state', '$transition$', '$filter', 'clipboard', 'EndpointService', 'GroupService', 'TagService', 'EndpointProvider', 'Notifications',
+function ($q, $scope, $state, $transition$, $filter, clipboard, EndpointService, GroupService, TagService, EndpointProvider, Notifications) {
 
   if (!$scope.applicationState.application.endpointManagement) {
     $state.go('portainer.endpoints');
@@ -17,6 +17,12 @@ function ($q, $scope, $state, $transition$, $filter, EndpointService, GroupServi
     SecurityFormData: new EndpointSecurityFormData()
   };
 
+  $scope.copyAgentIoTCommand = function() {
+    clipboard.copyText('docker run -d -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes -e TUNNELLING_MODE=1 -e AGENT_SECRET=' + $scope.endpoint.IoTKey + ' portainer/pagent:intel');
+    $('#copyNotification').show();
+    $('#copyNotification').fadeOut(2000);
+  };
+
   $scope.updateEndpoint = function() {
     var endpoint = $scope.endpoint;
     var securityData = $scope.formValues.SecurityFormData;
diff --git a/gruntfile.js b/gruntfile.js
index 6721448f3..aa45c264e 100644
--- a/gruntfile.js
+++ b/gruntfile.js
@@ -48,7 +48,7 @@ module.exports = function(grunt) {
       ]);
     });
 
-  grunt.task.registerTask('devopsbuild', 'devopsbuild:<platform>:<arch>', 
+  grunt.task.registerTask('devopsbuild', 'devopsbuild:<platform>:<arch>',
     function(p, a) {
       grunt.task.run([
         'config:prod',
@@ -147,7 +147,7 @@ gruntfile_cfg.copy = {
     files: [
       {
         dest: '<%= root %>/',
-        src: 'templates.json', 
+        src: 'templates.json',
         cwd: ''
       }
     ]
@@ -186,7 +186,7 @@ function shell_buildBinaryOnDevOps(p, a) {
 function shell_run() {
   return [
     'docker rm -f portainer',
-    'docker run -d -p 9000:9000 -v $(pwd)/dist:/app -v /tmp/portainer:/data -v /var/run/docker.sock:/var/run/docker.sock:z --name portainer portainer/base /app/portainer --no-analytics --template-file /app/templates.json'
+    'docker run -d -p 9999:9999 -p 9000:9000 -v $(pwd)/dist:/app -v /tmp/portainer:/data -v /var/run/docker.sock:/var/run/docker.sock:z --name portainer portainer/base /app/portainer --no-analytics --template-file /app/templates.json'
   ].join(';');
 }